`firewall-cmd --get-active-zones` returns something like this:

```
dmz
  sources: ipset:dmz-hosts
public
  interfaces: eth0
```

if zone binding is based on source ips, so strings with `sources: ...` should be excluded along with `interfaces: ...` to get zones list.